
docx

Warn

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the use of several system utilities such as pandoc, grep, soffice, and pdftoppm for document conversion and analysis. The instructions explicitly recommend using sudo apt-get install to satisfy these dependencies, which grants administrative privileges for package management operations.
  • [REMOTE_CODE_EXECUTION]: To handle complex OOXML structures, the workflow instructs the agent to dynamically generate and execute Python and JavaScript/TypeScript scripts. This runtime code generation and execution poses a security risk if the generated logic is influenced by malicious document content.
  • [PROMPT_INJECTION]: The skill's primary function is to read and analyze external .docx files, which serves as a significant attack surface for indirect prompt injection. Malicious instructions embedded in a processed document could be interpreted by the agent during extraction.
  • Ingestion points: Document files processed via the Redlining, Text Extraction, and Conversion workflows.
  • Boundary markers: No delimiters or safety instructions direct the agent to disregard potentially malicious commands found within extracted text.
  • Capability inventory: Execution of shell commands and dynamically generated Python/Node.js scripts.
  • Sanitization: While the skill suggests using defusedxml to prevent XML-based attacks like XXE, it lacks mechanisms to sanitize natural language content against injection attempts.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 16, 2026, 11:09 AM
Security Audit — agent-trust-hub — docx